[jira] [Work logged] (ARTEMIS-3794) "org.apache.activemq.ssl.keyStorePassword" and "org.apache.activemq.ssl.trustStorePassword" system properties should support ENC(...) format

Fri, 16 Dec 2022 13:13:04 -0800 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-3794?focusedWorklogId=834236&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-834236
 ]

ASF GitHub Bot logged work on ARTEMIS-3794:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 16/Dec/22 21:12
            Start Date: 16/Dec/22 21:12
    Worklog Time Spent: 10m 
      Work Description: jbertram commented on code in PR #4135:
URL: https://github.com/apache/activemq-artemis/pull/4135#discussion_r1051167603


##########
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java:
##########
@@ -755,6 +771,23 @@ public void initChannel(Channel channel) throws Exception {
       logger.debug("Started {} Netty Connector version {} to {}:{}", 
connectorType, TransportConstants.NETTY_VERSION, host, port);
    }
 
+   private String processSslPasswordProperty(String password, String 
codecClass) {

Review Comment:
   Instead of using `ConfigurationHelper` you could simply use 
`PasswordMaskingUtil` (which is what `ConfigurationHelper` does eventually), 
e.g.:
   ```java
      private String resolveMask(String password, String codecClass) {
         try {
            return PasswordMaskingUtil.resolveMask(password, codecClass);
         } catch (Exception e) {
            throw new RuntimeException(e);
         }
      }
   ```
   I think this would make the code much simpler.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 834236)
    Time Spent: 3.5h  (was: 3h 20m)

> "org.apache.activemq.ssl.keyStorePassword" and 
> "org.apache.activemq.ssl.trustStorePassword" system properties should support 
> ENC(...) format
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-3794
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3794
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 2.19.1
>            Reporter: Apache Dev
>            Priority: Major
>          Time Spent: 3.5h
>  Remaining Estimate: 0h
>
> In order to set client keyStore/trustStore passwords, overriding those 
> obtained by topology updates from brokers (see ARTEMIS-1157), we need to set 
> system properties.
> Such properties could be logged in traces or be present in dumps.
> It would be a more secure practice to handle ENC(...) format to mask them.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to